
Security fixes, add int casting

jmontoyaa committed Jan 18, 2019
1 parent c435016 commit 6968fb5766fadeba5472bb60fd2715af2733d0cf
Showing with 28 additions and 13 deletions.
  1. +28 −13 main/inc/lib/social.lib.php
@@ -152,14 +152,16 @@ public static function get_friends(
$search_name = null,
$load_extra_info = true
) {
$user_id = (int) $user_id;
$list_ids_friends = [];
$tbl_my_friend = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
$tbl_my_user = Database::get_main_table(TABLE_MAIN_USER);
$sql = 'SELECT friend_user_id FROM '.$tbl_my_friend.'
WHERE
relation_type NOT IN ('.USER_RELATION_TYPE_DELETED.', '.USER_RELATION_TYPE_RRHH.') AND
friend_user_id<>'.((int) $user_id).' AND
user_id='.((int) $user_id);
friend_user_id<>'.$user_id.' AND
user_id='.$user_id;
if (isset($id_group) && $id_group > 0) {
$sql .= ' AND relation_type='.$id_group;
}
@@ -309,17 +311,17 @@ public static function send_invitation_friend(
*
* @author isaac flores paz
*
* @param int user receiver id
* @param int $userId user receiver id
*
* @return int
*/
public static function get_message_number_invitation_by_user_id($user_receiver_id)
public static function get_message_number_invitation_by_user_id($userId)
{
$table = Database::get_main_table(TABLE_MESSAGE);
$user_receiver_id = (int) $user_receiver_id;
$userId = (int) $userId;
$sql = 'SELECT COUNT(*) as count_message_in_box FROM '.$table.'
WHERE
user_receiver_id='.$user_receiver_id.' AND
user_receiver_id='.$userId.' AND
msg_status='.MESSAGE_STATUS_INVITATION_PENDING;
$res = Database::query($sql);
$row = Database::fetch_array($res, 'ASSOC');
@@ -333,16 +335,17 @@ public static function get_message_number_invitation_by_user_id($user_receiver_i
/**
* Get number of messages sent to other users.
*
* @param int $sender_id
* @param int $userId
*
* @return int
*/
public static function getCountMessagesSent($sender_id)
public static function getCountMessagesSent($userId)
{
$userId = (int) $userId;
$table = Database::get_main_table(TABLE_MESSAGE);
$sql = 'SELECT COUNT(*) FROM '.$table.'
WHERE
user_sender_id='.intval($sender_id).' AND
user_sender_id='.$userId.' AND
msg_status < 5';
$res = Database::query($sql);
$row = Database::fetch_row($res);
@@ -474,6 +477,8 @@ public static function get_list_invitation_sent_by_user_id($userId)
*/
public static function getCountInvitationSent($userId)
{
$userId = (int) $userId;
if (empty($userId)) {
return 0;
}
@@ -482,7 +487,7 @@ public static function getCountInvitationSent($userId)
$sql = 'SELECT count(user_receiver_id) count
FROM '.$table.'
WHERE
user_sender_id = '.intval($userId).' AND
user_sender_id = '.$userId.' AND
msg_status = '.MESSAGE_STATUS_INVITATION_PENDING;
$res = Database::query($sql);
if (Database::num_rows($res)) {
@@ -697,6 +702,8 @@ public static function sendInvitationToUser($userId, $subject = '', $content = '
public static function get_logged_user_course_html($my_course, $count)
{
$result = '';
$count = (int) $count;
// Table definitions
$main_user_table = Database::get_main_table(TABLE_MAIN_USER);
$tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
@@ -806,6 +813,9 @@ public static function get_logged_user_course_html($my_course, $count)
*/
public static function show_social_avatar_block($show = '', $group_id = 0, $user_id = 0)
{
$user_id = (int) $user_id;
$group_id = (int) $group_id;
if (empty($user_id)) {
$user_id = api_get_user_id();
}
@@ -897,6 +907,9 @@ public static function show_social_menu(
$show_full_profile = false,
$show_delete_account_button = false
) {
$user_id = (int) $user_id;
$group_id = (int) $group_id;
if (empty($user_id)) {
$user_id = api_get_user_id();
}
@@ -1277,7 +1290,7 @@ public static function show_social_menu(
*/
public static function display_user_list($user_list, $wrap = true)
{
$html = null;
$html = '';
if (isset($_GET['id']) || count($user_list) < 1) {
return false;
@@ -1354,7 +1367,7 @@ public static function display_user_list($user_list, $wrap = true)
public static function display_individual_user($user_id)
{
global $interbreadcrumb;
$safe_user_id = intval($user_id);
$safe_user_id = (int) $user_id;
$currentUserId = api_get_user_id();
$user_table = Database::get_main_table(TABLE_MAIN_USER);
@@ -2237,6 +2250,9 @@ public static function getSkillBlock($userId)
*/
private static function headerMessagePost($authorId, $receiverId, $users, $message, $isOwnWall = false)
{
$authorId = (int) $authorId;
$receiverId = (int) $receiverId;
$date = api_get_local_time($message['send_date']);
$avatarAuthor = $users[$authorId]['avatar'];
$urlAuthor = api_get_path(WEB_CODE_PATH).'social/profile.php?u='.$authorId;
@@ -2260,7 +2276,6 @@ private static function headerMessagePost($authorId, $receiverId, $users, $messa
if (!empty($message['path'])) {
$imageBig = UserManager::getUserPicture($authorId, USER_IMAGE_SIZE_BIG);
$imageSmall = UserManager::getUserPicture($authorId, USER_IMAGE_SIZE_SMALL);
$wallImage = '<a class="thumbnail ajax" href="'.$imageBig.'"><img src="'.$imageSmall.'"></a>';
}
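Review bot: In the `get_friends` hunk the commit casts `$user_id` but leaves `$id_group` concatenated raw into the query at `$sql .= ' AND relation_type='.$id_group;`, and the preceding `isset($id_group) && $id_group > 0` guard does not make that safe, because a non-numeric string with a leading digit compares greater than zero under PHP's loose comparison and is then spliced in unchanged. The cast should be applied the same way as the other parameters in this commit, `$sql .= ' AND relation_type='.(int) $id_group;`, or `$id_group = (int) $id_group;` placed next to the new `$user_id` cast at the top of the body. `$search_name` is also a parameter of this function and, if it reaches the query further down, would need the same treatment; that part of the body, like the function signature, lies outside the hunk. The old and new forms of the `friend_user_id<>` / `user_id=` lines both appear in the rendered view without side markers, so which of them survives cannot be confirmed from this page.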
